How To Succeed In Hiring A Security Expert?

Professionals interested in cybersecurity jobs must show businesses that they are qualified for the job. To do so, they must answer specialized questions from their field of work.

The questions asked in the interview session are mainly about a specific and specialized field. The interviewer may ask questions about how firewalls are designed or how information stored in specific programs is protected.

However, depending on the role and the extent to which it affects other parts of the organization, interdisciplinary questions are sometimes raised.

For example, a person who is going to work as a cybersecurity analyst in an organization should show the employer that he or she has extensive knowledge of different technologies and programming languages.

What is Cybersecurity?

Cybersecurity, sometimes referred to as information security, is the protection of information systems against hacking, vulnerabilities, and attacks that target hardware, software, and sensitive information. Security experts should define specific policies so that denial-of-service attacks and botnets cannot easily target the organization’s infrastructure.

Newcomers to cybersecurity, despite their hard work in theory and practice, are still particularly anxious about attending interviews. To give an overview of the questions asked when hiring security experts, we reviewed various sources and collected the common questions in question-and-answer form so that readers can prepare before attending these interviews.

The questions collected in this article show you what to expect before taking the recruitment exams of Iranian companies and even companies such as MITRE, Deloitte, Accenture, Cisco, Google, Lockheed, etc.

Therefore, we suggest that you consider these questions carefully and, if possible, spend at least an hour or two a day reading specialized security articles, especially if you decide to send a resume for a job as a security analyst.

A very important point that very few people pay attention to is two-way communication. You are not attending an interrogation in which you are the only one answering; you should also ask the interviewer about the position, the job description, and what you will be doing.


Familiarity with the applicant

Before examining the technical aspects of the job of information security, it is important to note that in all employment sessions, the interviewer first tries to gain a basic understanding of you. In almost all interviews with security experts, interviewers first ask about the applicant’s professional status and would like to know more about the applicant’s background and education.

The questions and answers in this part are short and are mostly based on the elevator-pitch technique. If you do not know this technique, I suggest you read the article “How to prepare a professional elevator lecture” published in the same issue of Network Magazine.

In connection with the specialized questions, you should show the interviewer what you have done and what you intend to do.

General questions

Why are you looking for a new position?

The interviewer who asks this question wants to understand what caused you to leave your current job. Are you looking for more responsibilities? Are you looking for an opportunity to improve and expand your skill set? Do you feel that your skill level and knowledge are beyond your current position? Are you looking for a higher salary?

If so, why do you think you deserve to be paid more, and if you are going to be hired, what changes will you make to security protocols so that the efficiency of equipment and services is not reduced?

It is best to explain carefully to the interviewer what your goal and motivation are for finding a new job and what benefits hiring you will bring to the organization.

What are your biggest successes and strengths?

The best answer is to explain how you helped your old company. Did you use the latest technologies and firewalls to secure the previous company’s infrastructure and prevent information leaks? Did you regularly check the status of routers and redefine routes so that network nodes could exchange information over the new routes?

How did you determine levels of access to information, and how did you interact with other employees of the organization and the company’s customers? Give the interviewer clear information about the technologies you know well and how you would apply new technologies in the new position.

Explain how you communicated constructively with your colleagues and how you completed various projects as a team.

What are your biggest weaknesses, and how do you overcome problems?

Everyone makes mistakes; no one can claim to have absolute knowledge in their field of work. It is better to be honest and show what plans you have for improving the current situation and how you intend to prove your skill level in practice. Look back at your past: have you been responsible for a serious defect or problem?

You may not be to blame for the problem, but how you deal with the problem shows that you have been professional in your work, and the ability to solve the problem has helped you take control of everything quickly. For example, an employee may be the victim of a phishing attack and inadvertently allow hackers to access communications infrastructure.

In this case, you are not to blame, but the policies you have developed show how prepared you are to deal with such a problem.

Show the interviewer that you are looking to learn from mistakes, and even if you are not to blame for the mistakes, you will still take the lead in solving the problems. Explain how you are responsible and help the relevant department manager solve problems.

How do you imagine the first 90 days of your work?

Your answer shows how you will consult with team members to learn more about them and their expertise to overcome problems. You need to provide detailed information on how to prioritize and determine the level of employee access to information and resources and interact with senior managers.

For example, you should ask the interviewer what their definition of a security expert is, what that person is able to do in their organization, and whether the decisions he or she makes are implemented quickly.

It is better to talk about how you are thinking of improving your knowledge and whether you want to participate in the big decisions of the organization.

Technical questions

In recruitment sessions, only a few general questions are asked, and most of the questions focus on security issues to determine if the applicant’s skill level is appropriate to the organization’s needs.

Therefore, you should provide enough information about your cybersecurity knowledge, work history, and how to perform tasks and solve problems. Some answers are simple and short, while others require thoughtful answers. Here are some common questions raised in these sessions.

What is a home network?

A home network or home area network (HAN) is a type of computer network that allows devices inside a home to communicate with each other. A home network is typically the experimental environment in which most network and security experts run their tests.

The home network may be wired or wireless. How you work with your home network shows how you work with networks.

What is the difference between a threat, a vulnerability, and a risk?

To be able to answer this question properly, you need to have a deep understanding of cybersecurity. Every security professional should be able to answer this key and important question.

In computer security, a threat is a potentially negative action or event that is facilitated by vulnerabilities and leads to unintended effects on systems or networks. Risk, in its general definition, is the probability that a specific action or event leads to unpleasant and unwanted losses and consequences.

A vulnerability is a weakness that allows an attacker to gain access to communication infrastructure.

A vulnerability is the product of three components: a system susceptibility or defect, an attacker’s access to that defect, and the attacker’s ability to exploit it. To exploit a vulnerability, a hacker must have at least one tool or technique that can take advantage of the system’s weakness.

An example makes these three concepts clear once and for all. Imagine you are in a hut and a bear is outside. In this example, the door of the hut is the vulnerability and the bear is the threat; if you do not fortify the door and the bear manages to open it and enter the hut, you become prey (the risk).

How can you secure a server?

The response may be divided into several stages, especially if a specific server is specified. The answer to this question shows your ability to make decisions and your line of thinking in network security. There are several ways to secure servers.

Examples include setting access levels, installing security updates, monitoring and auditing, setting up firewalls, developing policies to combat DoS attacks, disabling unwanted services, enabling two-step authentication, blacklisting, installing security certificates, and disabling invalidation. Here are some suggestions on how to look or get an appointment for physical servers.

Why is DNS monitoring important?

Some security experts believe that this is not necessary, others believe that neglecting it creates a huge security gap in the communication infrastructure, and others believe that DNS monitoring is a wise move, because DNS queries can carry network data out without authorization and allow any host to communicate with the Internet through port 53.
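The following added example (not part of the original article) shows one simple form of DNS monitoring: flagging clients that send many long, high-entropy labels under one parent domain, a common sign of data being carried in DNS queries. The log format, thresholds, and function names are assumptions, and the sample log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, one query per line: "<client_ip> <query_name> <type>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.7 cdn.example.net A
10.0.0.9 mzxw6ytboi4dsnjqgiytcmrrgqzdgnbv.t.example.org TXT
10.0.0.9 nbswy3dpeb3w64tmmqqhi2dfoqqgc3tt.t.example.org TXT
10.0.0.9 orugs4zanfzsa5dfon2gk3tuebqxe33o.t.example.org TXT
10.0.0.9 mfrggzdfmztwq2lknnwg23tpobyxe43u.t.example.org TXT
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parse(log):
    """Yield (client, lower-cased query name, record type) for well-formed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower().rstrip("."), parts[2]

def suspicious_clients(log, min_len=24, min_entropy=3.5, min_unique=3):
    """Map (client, parent domain) to the number of distinct long,
    high-entropy leftmost labels, keeping pairs at or above min_unique."""
    seen = defaultdict(set)
    for client, name, _rtype in parse(log):
        labels = name.split(".")
        if len(labels) < 3:
            continue
        # Simplification: the parent is the last two labels, which is
        # not public-suffix aware (e.g. it mishandles "co.uk").
        label, parent = labels[0], ".".join(labels[-2:])
        if len(label) >= min_len and entropy(label) >= min_entropy:
            seen[(client, parent)].add(label)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, parent), n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{client}: {n} long high-entropy labels under {parent}")
```

The thresholds need tuning against a baseline of normal traffic, since some CDNs and security products also generate long random-looking labels.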

Does Ping use a protocol?

Ping is a tool that uses the ICMP protocol to check the status of the network. Because of the security risks around ping, security experts and network administrators disable ping and the exchange of ICMP messages.

What is the difference between encoding, encryption, and hashing?

Encoding refers to converting data into a form that another specific system can use. Encryption refers to converting data in such a way that unauthorized persons are unable to view the information. Hashing refers to ensuring the integrity and accuracy of data.

What is TLS?

The Transport Layer Security protocol is based on the Secure Sockets Layer and is one of the cryptographic protocols for securing communications over the Internet. The protocol uses X.509 certificates and asymmetric encryption to verify the identity of the other party and to exchange keys.

This protocol provides security for data transmission over the Internet for purposes such as working with websites, e-mail, and Internet instant messaging. In the TCP/IP model, SSL performs encryption in the layer below the application layer.

What are the differences between HTTPS, SSL, and TLS?

HTTPS is the hypertext transfer protocol that secures network communications. TLS stands for Transport Layer Security and replaces SSL. Secure Sockets Layer (SSL) is a protocol developed by Netscape for exchanging private documents over the Internet. SSL uses a private key to encrypt the information transmitted over an SSL connection. SSL is an application-independent protocol, so protocols such as HTTP, FTP, and remote networking can run over it. You need to show that you understand the difference between these three protocols and how to use network security protocols.

What components should we look for to identify a hacked system?

There are several ways to do this that require skill and ingenuity. The best way is to draw a general network architecture that shows the location of components such as intrusion detection systems, intrusion prevention systems, firewalls, and other security technologies used to inspect traffic and detect any suspicious sign.

If you had to compress and encrypt data at the same time during the transfer process, what would you do first?

We first compress the data and then encrypt it. Encrypting first may interfere with the compression process and cause various problems.
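The following added example (not part of the original article) measures why the order matters: encrypted output looks random, so compressing it afterwards saves nothing. `keystream_xor` is a hypothetical stand-in for a real cipher, used only to produce random-looking ciphertext, and the key, nonce, and payload are constructed sample values.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative stand-in for a stream cipher: XOR the data with a
    SHAKE-256 keystream. Unauthenticated; not for production use."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def compress_then_encrypt(key, nonce, plaintext):
    # Compression sees the redundant plaintext, so it can shrink it.
    return keystream_xor(key, nonce, zlib.compress(plaintext, 9))

def encrypt_then_compress(key, nonce, plaintext):
    # Compression sees random-looking ciphertext and finds no redundancy.
    return zlib.compress(keystream_xor(key, nonce, plaintext), 9)

def decrypt_then_decompress(key, nonce, blob):
    """Inverse of compress_then_encrypt (XOR is its own inverse)."""
    return zlib.decompress(keystream_xor(key, nonce, blob))

# Constructed sample data: a repetitive, log-like payload.
PLAINTEXT = b"2024-01-01T00:00:00Z user=alice action=login status=ok\n" * 200
KEY = b"k" * 32    # constructed demo key
NONCE = b"n" * 12  # constructed demo nonce

def sizes():
    """Return (plaintext size, compress-then-encrypt size,
    encrypt-then-compress size) in bytes."""
    a = compress_then_encrypt(KEY, NONCE, PLAINTEXT)
    b = encrypt_then_compress(KEY, NONCE, PLAINTEXT)
    return len(PLAINTEXT), len(a), len(b)

if __name__ == "__main__":
    raw, cte, etc = sizes()
    print(f"plaintext:             {raw} bytes")
    print(f"compress then encrypt: {cte} bytes")
    print(f"encrypt then compress: {etc} bytes")
```

One caveat: when a secret and attacker-influenced input are compressed together before encryption, the ciphertext length can reveal information about the secret, so compression is often disabled for such data.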

How do you strengthen the user authentication process?

Currently, two mechanisms, two-factor authentication and non-repudiation, are the most efficient methods available.

How do you deal with cross-site scripting (XSS) attacks?

Using tools that restrict code execution, such as NoScript, avoiding unknown links and URLs, and using modern browsers is the best way to counter this attack. It is also a good idea to have a strong security program to deal with JavaScript vulnerabilities.

What is the difference between cloud cybersecurity and enterprise cybersecurity?

To answer this question, you must describe the security and inherent risks of each approach, and then show which is appropriate based on the organization’s security policies. Organizational security refers to a general understanding of information security, holding in-house information security seminars, implementing a strategic and tactical security plan, employing experienced professionals, and periodically reviewing, monitoring, and analyzing security conditions.

Cloud computing security (sometimes referred to as cloud security) is a subset of computer security, network security, and information security in general. The concept includes a set of policies, technologies, and controls to protect data, applications, and cloud infrastructure, and it focuses on deterrent controls, preventive controls, corrective controls, and detective controls.

What does the abbreviation RDP stand for?

RDP stands for Remote Desktop Protocol, which uses port 3389.

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses different keys for encryption and decryption. Asymmetric encryption is an encryption system that uses a key pair.

The public key may be widely published, but the private key is for the owner only. Symmetric cryptographic algorithms use fewer mathematical computations and a simpler mechanism in the encryption/decryption process, and are therefore faster and, of course, less secure than asymmetric cryptographic algorithms.

What is the difference between UDP and TCP?

Both protocols are used to send packets over the Internet and sit on top of the Internet Protocol. TCP stands for Transmission Control Protocol and has more applications than UDP. Packets sent by TCP are numbered.

For this reason, TCP ensures that the recipient receives the data packets. UDP, which stands for User Datagram Protocol, has the same functionality as TCP but does not use TCP’s error detection capabilities, which makes sending and receiving data faster but less reliable.

What is a traceroute?

Traceroute helps security and networking experts investigate communication failures. The tool shows which routers the packets passed through to reach the final destination, and where the connection was lost.

What is a honeypot and why is it used?

A honeypot is an information system resource that hosts false and unrealistic information and tries to detect and collect information about unauthorized and illegal activities on the network. In other words, a honeypot is a computer system connected to a network or the Internet that hosts seemingly important and sensitive information.

A honeypot is deliberately placed in the network to act as a trap that attracts attackers, in order to gather information about how they entered the network and the goals they are pursuing on it.

Describe information security in one sentence.

Information security means protecting information and information systems from unauthorized activities such as access, misuse, disclosure, reading, copying or recording, altering, or tampering.

What solution do you propose to counter social engineering attacks?

The key steps for creating an effective defense against social engineering in organizations are based on a fourfold approach: identifying persuasive psychological stimuli, becoming familiar with social engineering attack techniques, identifying the different levels of defense, and defining defense strategies.

How is penetration testing performed?

The penetration testing process is summarized in five steps: specifying the scope (target), data collection, vulnerability assessment, penetration testing, and reporting and solution presentation. Penetration testing is done in different ways, the main difference being the amount of information about the systems under analysis that is provided to the experts.

Last word

In general, organizations expect security experts to have adequate knowledge of network scanning, enumeration, ethical hacking of systems, malware detection, eavesdropping, social engineering, denial-of-service attacks, hacking of servers, web servers, applications, and mobile platforms, intrusion detection and prevention systems, firewalls, honeypots, cloud computing security, and encryption.